miniflux: update to 2.2.15.
✨ New Features
New configuration option to disable the Miniflux API
Added option to save entries to a specific Linkwarden collection
YouTube subscription improvements:
Provide multiple feeds for YouTube content: Channel, videos only, short videos, live streams
Better canonical URL detection (now has its own dedicated step)
Improved YouTube channel parsing, including default playlists
Allow feed entries with <i> and <small> tags
URL Cleaner: Remove additional trackers from URLs
🐛 Bug Fixes
YouTube embeds: Avoid Error 153 (video player configuration error) in various scenarios
API: fetchContent endpoint now properly rewrites media URLs when using the media proxy
Security: Only relative paths are now allowed for the redirectURL parameter
CI fixes:
[11 lines not shown]
ImageMagick: Update to 7.1.2.10
upstream changes:
-----------------
7.1.2-10 - 2025-12-07
Commits
* beta release cfbeef4
* Added extra check to make sure don't read after an empty string. f83765c
* Added extra check to avoid an overflow on 32-bit machines (GHSA-6hjr-v6g4-3fm8) bdae068
* Use HeapOverflowSanityCheckGetSize to make it more clear what is happening. 351bbc8
* Added define to make sure we don't always write a jpeg in a high bit depth (#8445) 245b84f
* Use intermediate variable to silence 32-bit build error on Windows. ba1fcf9
* Code cleanup. 567321b
* Updated the Windows dependencies and configure. 53b1fb9
* Disable creation of msix in pull requests. 537db6b
* Updated the checkout actions. e956d72
* Check for quality instead of compression to avoid Unsupported JPEG data precision error message (#8445). 1269cf5
* The quality of the image_info should be used instead. 69f7ced
* release f4ce623
[43 lines not shown]
Pull up following revision(s) (requested by roy in ticket #1984):
external/bsd/openresolv/dist/resolvconf.in: revision 1.14
external/bsd/openresolv/dist/resolvconf.in: revision 1.16
(via patch)
resolvconf: Single quote parsed values from resolv.conf
When parsing resolv.conf entries we build up shell variables.
Because this is done via a pipe, we need to echo the variables
to stdout and eval the result to get them into the main resolvconf.
We have no idea what the values are, so we build up the output
ensuring the parsed value is single quoted so eval will always
interpret it as a string and nothing more.
This avoids an attack like so:
`echo 'search $(touch /tmp/foo)' | resolvconf -a bar`
resolvconf: Add a function to quote and escape input for eval
[7 lines not shown]
Pull up following revision(s) (requested by roy in ticket #1204):
external/bsd/openresolv/dist/resolvconf.in: revision 1.14
external/bsd/openresolv/dist/resolvconf.in: revision 1.16
(via patch)
resolvconf: Single quote parsed values from resolv.conf
When parsing resolv.conf entries we build up shell variables.
Because this is done via a pipe, we need to echo the variables
to stdout and eval the result to get them into the main resolvconf.
We have no idea what the values are, so we build up the output
ensuring the parsed value is single quoted so eval will always
interpret it as a string and nothing more.
This avoids an attack like so:
`echo 'search $(touch /tmp/foo)' | resolvconf -a bar`
resolvconf: Add a function to quote and escape input for eval
[7 lines not shown]
Pull up following revision(s) (requested by andvar in ticket #1985):
external/bsd/ntp/bin/ntptime/ntptime.8: revision 1.2
etc/ntp.conf: revision 1.24
share/man/man4/options.4: revision 1.532
Fix path to accopt.html in the comment.
Seems unnoticed since netbsd 7 or so, but probably needs pullups.
Fix path to ntp documentation.
Pull up following revision(s) (requested by andvar in ticket #1206):
external/bsd/ntp/bin/ntptime/ntptime.8: revision 1.2
etc/ntp.conf: revision 1.24
share/man/man4/options.4: revision 1.532
Fix path to accopt.html in the comment.
Seems unnoticed since netbsd 7 or so, but probably needs pullups.
Fix path to ntp documentation.
Pull up following revision(s) (requested by andvar in ticket #120):
external/bsd/ntp/bin/ntptime/ntptime.8: revision 1.2
etc/ntp.conf: revision 1.24
share/man/man4/options.4: revision 1.532
Fix path to accopt.html in the comment.
Seems unnoticed since netbsd 7 or so, but probably needs pullups.
Fix path to ntp documentation.
Pull up following revision(s) (requested by msaitoh in ticket #1205):
sys/arch/arm/arm32/bus_dma.c: revision 1.148
arm/bus_dma: Sprinkle error check with __predict_{true,false}.
Sprinkle error check in bus_dmamap_load*() and bus_dmamap_sync() with
__predict_{true,false} to improve performance.
Pull up following revision(s) (requested by jmcneill in ticket #119):
sys/arch/evbppc/wii/dev/gcpad_rdesc.h: revision 1.1
sys/arch/evbppc/include/wii.h: revision 1.13
sys/arch/evbppc/wii/dev/uhid_si.c: revision 1.1
sys/arch/evbppc/wii/mainbus.c: revision 1.6
sys/arch/evbppc/wii/dev/si.c: revision 1.1
sys/arch/evbppc/wii/dev/si.c: revision 1.2
sys/arch/evbppc/conf/files.wii: revision 1.9
sys/arch/evbppc/wii/dev/si.h: revision 1.1
sys/arch/evbppc/conf/WII: revision 1.13
wii: Add support for GameCube controller sockets.
A new driver is introduced for the Serial Interface that exposes the four
GameCube controller sockets as uhid(4) devices. The report format and HID
usages of these devices attempts to mimic the official USB GameCube
controller adapter.
[30 lines not shown]
Pull up following revision(s) (requested by roy in ticket #117):
external/bsd/openresolv/dist/resolvconf.in: revision 1.14
external/bsd/openresolv/dist/resolvconf.in: revision 1.16
resolvconf: Single quote parsed values from resolv.conf
When parsing resolv.conf entries we build up shell variables.
Because this is done via a pipe, we need to echo the variables
to stdout and eval the result to get them into the main resolvconf.
We have no idea what the values are, so we build up the output
ensuring the parsed value is single quoted so eval will always
interpret it as a string and nothing more.
This avoids an attack like so:
`echo 'search $(touch /tmp/foo)' | resolvconf -a bar`
resolvconf: Add a function to quote and escape input for eval
[7 lines not shown]
pkg-vulnerabilities: add last days CVEs
+ ImageMagick,
freeimage (no links to upstream, unclear if reported or not, assume not fixed),
jenkins, libsoup (not fixed),
miniflux, phppgadmin, py-tornado, webmin, wolfssl
Be more careful about signedness when comparing bfree against the computed
value. Avoids a false positive of the form "BFREE GIVEN AS -5, SHOULD BE
BETWEEN -12 AND 50".
